Typical LDAP Configurations
Last modified: 20 April 2023
This page contains samples of the ldap-config.properties file for different configuration cases.
Basic LDAP Login
A backup LDAP server is specified. Provided users can log in to LDAP with "EXAMPLE\Username", they also log in to TeamCity as "EXAMPLE\Username"; the username stored in TeamCity is "Username".
# The second URL is used when the first server is down.
java.naming.provider.url=ldap://example.com:389/DC=example,DC=com ldap://failover.example.com:389/DC=example,DC=com
# Allow logging in with 'EXAMPLE\username', but cut off 'EXAMPLE' in the TeamCity username.
teamcity.auth.loginFilter=EXAMPLE\\\\\\S+
teamcity.users.login.capture=EXAMPLE\\\\(.*)
# No synchronization, just login.
teamcity.options.users.synchronize=false
teamcity.options.groups.synchronize=false
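The backslash escaping in teamcity.auth.loginFilter and teamcity.users.login.capture can be checked by running it. The Python sketch below is an added example, not TeamCity code: it applies a simplified form of Java .properties unescaping to the two lines above and evaluates the resulting regexes against constructed logins. Whole-string matching and the helper names unescape, load and resolve are assumptions of the example.

```python
import re

# Copied verbatim from the "Basic LDAP Login" sample on this page.
SAMPLE = r"""
teamcity.auth.loginFilter=EXAMPLE\\\\\\S+
teamcity.users.login.capture=EXAMPLE\\\\(.*)
"""

CONTROL = {"t": "\t", "n": "\n", "r": "\r", "f": "\f"}

def unescape(raw):
    # Simplified Java .properties unescaping: a backslash makes the next
    # character literal, except t/n/r/f. \uXXXX escapes are not handled.
    out, i = [], 0
    while i < len(raw):
        if raw[i] == "\\" and i + 1 < len(raw):
            out.append(CONTROL.get(raw[i + 1], raw[i + 1]))
            i += 2
        else:
            out.append(raw[i])
            i += 1
    return "".join(out)

def load(text):
    # Parse key=value lines, skipping blanks and '#' comments.
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, raw = line.partition("=")
            props[key.strip()] = unescape(raw.strip())
    return props

def resolve(login, props):
    # Returns the stored TeamCity username, or None when the filter rejects
    # the login. Assumption: both regexes must match the whole input.
    if not re.fullmatch(props["teamcity.auth.loginFilter"], login):
        return None
    m = re.fullmatch(props["teamcity.users.login.capture"], login)
    return m.group(1) if m else login

PROPS = load(SAMPLE)

if __name__ == "__main__":
    # Constructed logins, not taken from any real directory.
    for login in (r"EXAMPLE\Bob", "Bob", r"OTHER\Bob", r"EXAMPLE\bob smith"):
        print(f"{login!r:24} -> {resolve(login, PROPS)!r}")
```

After unescaping, six backslashes in the file become three in the regex: an escaped literal backslash followed by \S+. Under these assumptions a bare "Bob" or a login from another domain is rejected by the filter.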
Active Directory With User Details Synchronization
Users can log in to TeamCity with their domain username without the domain part. There is an account "teamcity" with password "secret" that can read all Active Directory entries. The TeamCity user display name and email are synchronized from Active Directory.
Tip: Fix to eliminate double users creation (EXAMPLE/Bob and Bob)
java.naming.provider.url=ldap://example.com:389/DC=example,DC=com
# Login using 'sAMAccountName' value.
teamcity.users.login.filter=(sAMAccountName=$capturedLogin$)
# LDAP credentials for TeamCity plugin.
java.naming.security.principal=teamcity
java.naming.security.credentials=secret
# User synchronization: on, synchronize display name and e-mail.
teamcity.options.users.synchronize=true
teamcity.users.base=CN=users
teamcity.users.filter=(objectClass=user)
teamcity.users.username=sAMAccountName
teamcity.users.property.displayName=displayName
teamcity.users.property.email=mail
# Group synchronization: disabled.
teamcity.options.groups.synchronize=false
Active Directory With Group Synchronization
java.naming.provider.url=ldap://example.com:389/DC=example,DC=com
# Allow entering anything, then format it into 'EXAMPLE\login'.
teamcity.auth.formatDN=EXAMPLE\\$login$
# LDAP credentials for TeamCity plugin.
java.naming.security.principal=teamcity
java.naming.security.credentials=secret
# Synchronize both users and groups. Remove obsolete TeamCity users, but don't create new ones automatically.
teamcity.options.users.synchronize=true
teamcity.options.groups.synchronize=true
teamcity.options.createUsers=false
teamcity.options.deleteUsers=true
teamcity.options.syncTimeout=3600000
# Search users from the root: 'DC=example,DC=com'.
teamcity.users.base=
teamcity.users.filter=(objectClass=user)
teamcity.users.username=sAMAccountName
# Search groups from 'CN=groups,DC=example,DC=com'.
teamcity.groups.base=CN=groups
teamcity.groups.filter=(objectClass=group)
teamcity.groups.property.member=member